
The_Science_of_Insecurity_


Published February 17, 2013


The Science of Insecurity by Meredith L. Patterson, Len Sassaman, and Sergey Bratus. Uploaded by Gerard Arthus into the Public Domain under the Creative Commons License.

Why is the overwhelming majority of common networked software still not secure, despite all efforts to the contrary? Why is it almost certain to get exploited so long as attackers can craft its inputs? Why is it the case that no amount of effort seems to be enough to fix software that must speak certain protocols?

The answer to these questions is that for many protocols and services currently in use on the Internet, the problem of recognizing and validating their "good", expected inputs from bad ones is either not well-posed or is undecidable (i.e., no algorithm can exist to solve it in the general case), which means that their implementations cannot even be comprehensively tested, let alone automatically checked for weaknesses or correctness. The designers' desire for more functionality has made these protocols effectively insecurable.

In this talk we'll draw a direct connection between this ubiquitous insecurity and the basic computer science concepts of Turing completeness and the theory of languages. We will show how well-meant protocol designs doom their implementations to becoming clusters of 0-days, and will show where to look for these 0-days. We will also discuss simple principles for avoiding the design of such protocols.


Run time: 59 min 29 sec
Producer: Meredith L. Patterson, Len Sassaman, and Sergey Bratus
Production Company: Gerard Arthus
Audio/Visual: sound, color
Language: English
